NNSquad - Network Neutrality Squad
[ NNSquad ] Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL
Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL http://bit.ly/fdA1Nb (Cryptogon) "This paper introduces the compelled certificate creation attack, in which government agencies may compel a certificate authority to issue false SSL certificates that can be used by intelligence agencies to covertly intercept and hijack individuals' secure Web-based communications. Although we do not have direct evidence that this form of active surveillance is taking place in the wild, we show how products already on the market are geared and marketed towards this kind of use-suggesting such attacks may occur in the future, if they are not already occurring. Finally, we introduce a lightweight browser add-on that detects and thwarts such attacks." --Lauren-- Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren Co-Founder: People For Internet Responsibility: http://www.pfir.org Founder: - Network Neutrality Squad: http://www.nnsquad.org - Global Coalition for Transparent Internet Performance: http://www.gctip.org - PRIVACY Forum: http://www.vortex.com Member: ACM Committee on Computers and Public Policy Blog: http://lauren.vortex.com Twitter: https://twitter.com/laurenweinstein Google Buzz: http://bit.ly/lauren-buzz Quora: http://www.quora.com/Lauren-Weinstein Tel: +1 (818) 225-2800 / Skype: vortex.com